PUG-01-S007 10:01 From:BSTZ 303T40696E To:USPTO P. 10/18



In the claims: 

Following is a complete set of claims as amended with this Response. 

1. (Currently Amended) A method performed by an Internet Service Provider
("ISP") to reduce certificate revocation lists ("CRL") at access points of a wireless access
network providing access to the ISP, the method comprising:

receiving a subscription request at an Internet Service Provider (ISP) from a user
terminal capable of accessing the ISP using a wireless access network;

assigning a subscription identifier to the user terminal at the ISP in response to the
subscription request;

receiving providing a service certificate signed by a certificate authority, the 
service certificate including the subscription identifier; 

checking the service certificate against a certificate revocation list (CRL)
maintained by the ISP; and

providing, to the user terminal, if the service certificate is valid, a session
certificate one or more session certificates to be used to access the wireless access
network, the session certificate certificates having a shorter validity period than the
service certificate.

2. (Currently Amended) The method of claim 1, further comprising: wherein
receiving the service certificate comprises receiving the service certificate from an access
point being used by a user terminal to access the wireless access network;

determining whether the service certificate is valid; and
providing one or more new session certificates to the user terminal if the service
certificate is valid.

3. (Currently Amended) The method of claim 2, wherein determining whether the
service certificate is valid comprises searching a certificate revocation list at the ISP.

4. (Original) The method of claim 1, wherein the one or more session certificates are
each associated with a link-level session available to the user terminal.

5. (Original) The method of claim 1, wherein each link-level session comprises a
PPP session.

6. (Currently Amended) A method performed by an access point of a wireless access
network, the method comprising:

receiving a digital certificate at a wireless access point of a wireless access 
network from a user terminal seeking access to the wireless access network, the digital 
certificate to be used to authenticate the user terminal; 

determining a type of the digital certificate; and

if the certificate is a session certificate, then determining the validity of the digital
certificate by searching a certificate revocation list (CRL) at the wireless access point that
is associated with session certificates the type of the digital certificate; and

if the certificate is a service certificate, then sending the certificate to an Internet
Service Provider to determine the validity of the certificate.

7. (Currently Amended) The method of claim 6, wherein determining the type of the
digital certificate comprises determining the length of the whether the digital certificate
comprises a service certificate or a session certificate.

8. (Currently Amended) The method of claim 6 claim 7, wherein the validity periods
of session certificates is shorter than the validity periods of session certificates.

9. (Original) The method of claim 8, wherein the CRL associated with session
certificates is shorter than the CRL associated with service certificates.

10. (Currently Amended) A user terminal capable of communicating with a wireless
access network, the user terminal comprising:

a memory to store:

a service certificate issued by an Internet Service Provider ("ISP") and signed by
a certificate authority, the service certificate having a first validity period, the service
certificate corresponding with a subscription of the user terminal with the ISP and
including a subscription identifier, the service certificate to be used by the wireless access
network to authenticate the user terminal with the ISP; and

a session certificate issued by the ISP and signed by the certificate authority, the
session certificate having a second validity period that is shorter in duration than the first
validity period, the session certificate corresponding with a session subscribed to by the
user terminal and to be used by the wireless access network to authenticate the user
terminal to a wireless access point of the wireless access network.

11. (Original) The user terminal of claim 10, wherein the session comprises a
link-level session.

12. (Original) The user terminal of claim 11, wherein the link-level session comprises
a PPP session.

13. (Currently Amended) A machine-readable medium having stored thereon data
representing instructions that, when executed by a processor of an Internet Service
Provider ("ISP"), cause the processor to perform operations to reduce certificate
revocation lists ("CRL") at access points of a wireless access network providing access to
the ISP, the operations comprising:

receiving a subscription request at an Internet Service Provider (ISP) from a user
terminal capable of accessing the ISP using a the wireless access network;

assigning a subscription identifier to the user terminal at the ISP in response to the
subscription request;

receiving providing a service certificate signed by a certificate authority, the
service certificate including the subscription identifier;

checking the service certificate against a certificate revocation list (CRL)
maintained by the ISP; and

providing, to the user terminal, if the service certificate is valid, a session
certificate one or more session certificates to be used to access the wireless access
network, the session certificate certificates having a shorter validity period than the
service certificate.

14. (Currently Amended) The machine-readable medium of claim 13, wherein the
instructions further cause the processor to perform operations comprising: receiving the
service certificate comprises receiving the service certificate from an access point being
used by a user terminal to access the wireless access network;

determining whether the service certificate is valid; and
providing one or more new session certificates to the user terminal if the service
certificate is valid.

15. (Original) The machine-readable medium of claim 14, wherein determining 
whether the service certificate is valid comprises searching a certificate revocation list. 

16. (Original) The machine-readable medium of claim 13, wherein the one or more
session certificates are each associated with a link-level session available to the user
terminal.

17. (Original) The machine-readable medium of claim 13, wherein each link-level
session comprises a PPP session.
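
The two-tier check recited in claims 1 and 6, as an added Python sketch that is not part of the filing: the ISP issues a short-lived session certificate only after its own CRL check, and the access point validates session certificates locally while referring service certificates to the ISP. The class names, the explicit `kind` field (claim 7 instead uses certificate length), the one-hour lifetime and the omission of signature verification are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Cert:
    serial: int
    kind: str              # "service" or "session" (assumed explicit type field)
    subscription_id: str
    not_after: datetime

class ISP:
    def __init__(self):
        self.service_crl = set()      # revoked service-certificate serials
        self._serial = 1000

    def service_valid(self, cert, now):
        return (cert.kind == "service" and now <= cert.not_after
                and cert.serial not in self.service_crl)

    def issue_session(self, service_cert, now, lifetime=timedelta(hours=1)):
        # Claim 1: a session cert is provided only if the service cert
        # passes the check against the CRL maintained by the ISP.
        if not self.service_valid(service_cert, now):
            return None
        self._serial += 1
        return Cert(self._serial, "session",
                    service_cert.subscription_id, now + lifetime)

class AccessPoint:
    def __init__(self, isp):
        self.isp = isp
        self.session_crl = {}         # serial -> not_after of revoked session certs

    def revoke_session(self, cert):
        self.session_crl[cert.serial] = cert.not_after

    def authenticate(self, cert, now):
        # Claim 6: session certs are checked against the local CRL,
        # service certs are sent to the ISP for validation.
        if cert.kind == "session":
            ok = now <= cert.not_after and cert.serial not in self.session_crl
            return "local", ok
        if cert.kind == "service":
            return "isp", self.isp.service_valid(cert, now)
        return "rejected", False

    def prune_crl(self, now):
        # Expired certs already fail the validity-period check, so their
        # CRL entries can be dropped; short lifetimes keep this list small.
        self.session_crl = {s: t for s, t in self.session_crl.items() if t >= now}
        return len(self.session_crl)
```
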